(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 

Internationa] Bureau 

(43) International Publication Date 
18 September 2003 (18.09.2003) 




(10) International Publication Number 

PCT WO 03/077498 Al 



(51) International Patent Classification 7 : H04L 29/06 
(21) International Application Number: PCT/CA03/003 15 



(22) International Filing Date: 

(25) Filing Language: 

(26) Publication Language: 



7 March 2003 (07.03.2003) 
English 
English 



(30) Priority Data: 

60/362,865 



8 March 2002 (08.03.2002) US 



(71) Applicant (for all designated States except US): CERT1- 
COM CORP. [CA/CAJ; 4lh Floor, 5520 Explorer Drive, 
Mississauga, Ontario L4W 5L1 (CA). 

(72) Inventors; and 

(75) Inventors/Applicants (for US only): STRUIK, Marin us 

[NL/CA]; 728 Manning Ave., Toronto, Ontario M6G 2W4 



(CA). VANSTONE, Scott, Alexander [CA/CA]; 10140 
Pineview Trail, P.O. Box 490, Campbellville, Ontario LOP 
1B0 (CA). 

(74) Agents: ORANGE, John, R., S. el al.; McCarthy Tetrault 
LLP, Suite 4700, P.O. Box 48, 66 Wellington Si. W., 
Toronto, Ontario M5K 1E6 (CA). 

(81) Designated States (national): AE, AG. AL, AM, AT, AU, 
AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CO, CR, CU, 
CZ, DE, DK, DM, DZ, EC, EE, ES, Fl, GB, GD, GE, GH, 
GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, 
LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, 
MX, MZ, NO, NZ, OM, PH, PL, FT, RO, RU, SC, SD, SE, 
SG, SK, SL, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, 
VC, VN, YU, ZA, ZM, ZW. 

(84) Designated States (regional): ARIPO patent (GH. GM, 
KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZM, ZW), 

[Continued on next page] 



(54) Title: LOCAL AREA NETWORK 



00 

O 




(57) Abstract: A method and system for 
distributed security for a plurality of devices in 
a communication network, each of the devices 
being responsible for generating, distributing 
and controlling its own keys for access to the 
communication network and using the keys 
to establish a trusted network, each device's 
membership to the communication network 
being checked periodically by other devices 
by using a challenge response protocol to 
establish which devices are allowed access 
to the communication network and the trusted 
network. 



03/077498 Al I Bill HUM II llllll lllli lifl 1 II III lllll Hill IIM lllll lilll IMI HIIIB Hil llii Bll 



Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), — before the expiration of the time limit for amending the 
European patent (AT, BE, BG, CH, CY, CZ, DE, DK, EE, claims and to be republished in the event of receipt of 

HS, 11, FR, GB, GR, HU, IE, IT, UJ, MC, NL, PT, RO, amendments 
SE, SI, SK, TR), OAPI patent (BI\ BJ, CF, CG, CI, CM, 

GA, GN, GQ, GW, ML, MR, NE, SN, TO, TG>. ^ ^ ^ ^ ^ ^ refer „ the , Quid . 

Published- ance Noles on Codes and Abbreviations" appearing at the begin- 

— with international search report ting of each regular issue of the PCT Gazette. 



WO 03/077498 



PCT/CA03/00315 



1 LOCAL AREA NETWORK 

2 

3 BACKGROUND OF THE INVENTION 
4 

5 [0001] This application claims priority in United States Provisional Application 

6 Serial No. 60/362,865, entitled "Local Area Network", filed on March 8, 2002 and 

7 United States Provisional Application Serial No. 60/363,309, entitled "Local Area 

8 Network", filed on March 1 1, 2002. 
9 

1 0 FIELD OF THE INVENTION 

1 1 [0002] This invention relates to communication networks, more particularly it relates 

12 to security within these networks. 
13 

1 4 DESCRIPTION OF THE PRIOR ART 
15 

1 6 [0003] One of the most significant recent developments in wireless technologies is 

1 7 the emergence of wireless personal area networking. Wireless personal area networks 

18 WPANs™ use radio frequencies to transmit both voice and data, and are specified by 

19 standards such as IEEE standard 802.15 or 802.3 from the Institute of Electrical and 

20 Electronics Engineers Standards Association (IEEE-SA), among other specifications. The 

21 802.15 specification is ideal for linking notebook computers, mobile phones, personal 

22 digital assistants (PDAs), digital cameras, and other handheld devices to do business at 

23 home, on the road, or in the office. 

24 [0004] These wireless networks are formed by a number of devices joining and 

25 leaving the network in an ad hoc manner, hence such networks are known as ad hoc 

26 networks or piconets. Thus, the set of devices connected to the ad hoc network any given 

27 time may fluctuate, and so the topology of the network is dynamic. It is desirable to 

28 control access to the network and to provide a mechanism for establishing and 

29 maintaining security. Traditionally, security is established using a central device or a 

30 piconet controller (PNC) which controls access and distributes keys within the network. 

31 A drawback of this scheme is that each member of the network is required to trust the 

32 PNC. 
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l [0005] Admission to the piconet is based on the outcome of the following protocols 
between the prospective joining device and the PNC of the piconet. The joining device 
and the PNC engage in a mutual entity authentication protocol based on public key or 
symmetric key techniques. The true device identity of both the joining device and the 
PNC is determined using this protocol. A link key can also be derived based on the 
authentic keys of both parties. Another protocol involves using authorization techniques 
between both devices, based on access control lists (ACLs). The Access Control Lists 
may be dynamically updated, similar to PDA functionality, where a determination is 
made whether an entity is added or removed from the ACL at entry. This determination 
may be made by an operator, such as a human operator. For devices that lack a user 
interface, this update mechanism may be invoked by an open enrollment period followed 
by a lock-up step, for example, which may be confirmed by a button push or be a simple 
re-set of the whole list. This may be performed by actuating a re-set or re-initialize button 

14 on the device. 

1 5 [0006J Thus devices in the piconet fully depend on information provided by the PNC 
regarding which devices have been admitted to the piconet, since admission is based on 
communication between the PNC and a joining device only. If however an improper list 
of devices, DeviceList, in the piconet has been distributed by the PNC, either by error or 
maliciously, the security of the network is jeopardised. Each device has a short hand 
address, such as a local 8-bit ID, and a long hand address, such as a global 48-bit device 
ID. For example, in a piconet in which since all devices share a common broadcast key, 
the list of admitted devices to the piconet is L:= (local 8-bit device ID, global 48-bit 
device ID), then the failure to obtain the complete and authentic list of admitted devices 

24 has the following consequences: 

25 [0007] 'Fly on the wall' scenario: 

26 [0008] If a device obtains an incomplete list: L' <r (U * L) of admitted devices, all 

27 devices in the complementary set L\ V are invisible' to the device. Hence, the device 
might mistakenly think it is sharing secured information only with devices from the list 
L, whereas actually it is unknowingly sharing with other devices of the set L as well. 

30 This obviously violates sound security practice. 

3 1 [00091 'Switchboard ' scenario ' : 
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1 1001 0) If the binding between the local device ED and the global device ID is 

2 incorrectly received, for example if 2 entries are interchanged, a device might direct 

3 information to the improper device and so compromise the intended security. This 

4 property also holds in other settings where a key-generating party does not share 

5 complete and authentic information on the composition of the key-sharing group itself 

6 with the other members of this group. Therefore, these scenarios present a security model 

7 in which there is complete trust or a security model in which a device trusts no other 

8 device, however a hybrid model of these two models is possible. 



9 [001 1 1 Accordingly it is an object of the present invention to mitigate or obviate at 

10 least one of above-mentioned disadvantages, 
n 

1 2 SUMMARY OF THE INVENTION 
13 

14 [0012] In one of its aspects the invention provides a method of establishing and 

15 maintaining distributed security between a plurality of devices in an ad hoc network, the 

16 method having the steps of; associating each device with a unique device address; 

17 assigning to one of the devices a control function to control access to the network 

18 by other devices; 

19 each of the devices generating a public key for distribution to other devices; 

20 each of the devices authenticating itself periodically with the other devices in order to 

21 determine status of the other devices; 

22 arranging the devices into a plurality of trust groups, each group having a group 

23 key for distribution within the trust group; 

24 associating a trust level to each of the devices; 

25 each of the devices using the public key and the group key to perform key 

26 agreement in order to establish a secure communication channel with the other devices in 

27 the group; 

28 whereby each of the devices is responsible for its own security by generating, 

29 distributing its own keys to the other devices. 
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1 [001 3 J In another aspect, the invention provides a method of establishing and 

2 maintaining distributed security between one correspondent and another correspondent, 

3 the correspondents being members of different ad hoc networks and forming a group of 

4 communicating correspondents, the method having the steps of; 

5 associating the one correspondent and the other correspondent with unique device 

6 addresses; 

7 controlling access to the different ad hoc networks; 

8 each ad hoc network having a gateway and transferring traffic between the 

9 correspondents via the gateways; 

10 the one correspondent generating a public key for distribution to the other 

11 correspondent; 

12 the one correspondent authenticating itself periodically with the other 

13 correspondent in order to determine status of the other correspondent; 

14 determining a group key for distribution to the correspondents in accordance to 

15 the step of controlling access; 

16 associating a trust level to each correspondent; each of the correspondents using 

17 the public key and the group key for performing key agreement in order to establish 

18 secure communication within the group; 

19 whereby the one correspondent is responsible for its own security by generating, 

20 distributing its own keys to the other correspondent. 

21 [0014] In yet another aspect, the invention provides a distributed security system for a 

22 plurality of devices in a network, each of the devices being responsible for generating, 

23 distributing and controlling its own keys for access to the network and using the keys to 

24 establish a trusted network, each device's membership to the network being checked 

25 periodically by other devices by using a challenge response protocol to establish which 

26 devices are allowed access to the network and the trusted network. 
27 

28 BRIEF DESCRIPTION OF THE DRAWINGS 

29 [001 51 These and other features of the preferred embodiments of the invention will 

30 become more apparent in the following detailed description in which reference is made to 

31 the appended drawings wherein 
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1 [0016] Figure 1 is a communication network; 

2 [0017] Figure 2 is a group structure for a security model having different trust levels; 

3 [0018] Figure 3 is a group structure for a security model having different trust levels; 

4 [0019] Figure 4 is a group structure for a security model having different trust levels; 

5 [0020] Figure 5 is a group structure for a security model having different trust levels; 

6 [0021] Figure 6 shows communication between piconets; 

7 [0022] Figure 7 shows a flowchart outlining steps for establishing secure 

8 communication between devices in different piconets; and 

9 [0023] Figure 8 shows secure communication between piconets; 
10 

1 1 DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

12 [0024] Reference is first made to Figure 1 , which shows an overview of a distributed 

13 security system 10 having a plurality of communication devices 1 1, 12, 14, 16 in a 

14 communication network 1 8, in a preferred embodiment. The communication network 1 8 

1 5 may be a wireless personal area network ( WPAN™) such as a piconet, in which the 

16 devices 1 1, 12, 14, 16 connect to each other in an ad hoc fashion. The devices 1 1,12, 14, 

17 16 may be portable and mobile computing devices such as PCs, Personal Digital 

1 8 Assistants (PDAs), peripherals, cell phones, pagers, consumer electronics, and other 

19 handheld devices. It will be understood that such devices 11, 12, 14, 16 include 

20 addressing information to facilitate communication within the network 1 8. The 

21 addressing information includes a local device ID, having 8 bits for example, and a 

22 device ID, such as, an IEEE MAC Address including 48 bits. Therefore, upon a device 

23 1 1, 12, 14, 16 joining the network it is assigned an unused local ID. Generally, one device 

24 1 1 will act as a master or a piconet network controller (PNC), and the other devices 1 2, 

25 14, 16 act as slaves for the duration of the piconet 1 8 connection. The PNC 1 1 sets a 

26 clock , a hopping pattern determined by device ID, and assigns time for connections 

27 between all devices 1 1, 12, 14 16. Thus, each piconet 18 includes a unique hopping 

28 pattern/ID, and the PNC 1 1 gives slaves 12, 14 16 the clock and a local device ID, which 

29 is optionally used in conj unction with the EEE MAC Address, to form the piconet 1 8. 

30 [0025] The PNC 1 1 activates an access controller 20 using ID'S of the devices and 

31 optionally an access control list such that devices 12, 14, 16 that have been positively 
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1 authenticated and have been authorized are admitted to the piconet 18. The PNC 1 1 also 

2 includes a traffic controller 22 to regulate data flow within the network 18. This may be 

3 done by allocating time slots to each device 1 1,12,14,16 for message distribution. Each of 

4 the devices 1 1, 12, 14, 16 includes a security manager function 24. The security manager 

5 function 24 generates keys for communicating with other devices 1 1,12,14,16 within the 

6 network 1 8, and distributes these keys to selected device members 1 1,12,14,16 of the 

7 network 18. Each device 11, 12, 14 or 16 includes a transceiver 25 for establishing a 

8 communication channel with other devices 1 1,12,14,16. When distributing a key, the 

9 security manager function 24 also indicates to the other devices 1 1,12,14,16 in the 

10 network 1 8 the other devices 1 1,12,14,16 to which the key is being distributed. Thus, 

1 1 there is no reliance on other devices 11, 12, 14, 16 for trust functionality, as each device 

12 1 1, 12, 14 or 16 need only trust itself, to form a distributed security regime. 

13 [0026] Thus, the security manager function 24 can establish a trust set, or TrustList, 

14 which indicates which of the devices 1 1,12,14,16 in the network the security manager 24 

15 of that particular device 1 1,12,14 or 16 is prepared to trust. The security manager 

16 function 24 may also attribute different levels of trust to each of the established trust sets. 

17 In this way the equivalent of a centralised network 18 can be established where a device 

18 11,12,14 or 16 trusts every other device 1 1 , 1 2, 1 4 or 1 6; or an entirely decentralised 

19 network 18 is provided where a device 1 1,12,14 or 16 trusts no other device 1 1,12,14 or 

20 16 but itself. 

2 1 [0027] Similarly the security manager 24 receiving a key from another device 11, 12, 

22 14, 16 can determine its source and allocate to that key a level of trust that determines the 

23 functions for which the key will be used. Thus the security manager 24 may determine 

24 that the key is from a trusted party 11, 12, 14 or 16 and the key may be used to both 

25 decrypt messages received from that trusted party 11, 12, 14 or 16 and encrypt messages 

26 sent to that trusted party 11, 12, 14 or 16. Alternatively, the security manager function 24 

27 may determine that the key originates at a party 11, 12, 14 or 16 not trusted by itself and 

28 only permit the key to be used for decryption. However, the device 1 1, 12, 14 or 16 may 

29 choose to ignore data, rather than going through the effort of having to decrypt the data 

30 first. This option may be useful for dealing with unsolicited communication or 

31 'junkmaiP. 
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1 [0028] The security manager 24 also includes methods of determining which of the 

2 devices 1 1, 12, 14 or 16 are presently active in the network 18. These methods include 

3 the functions of each device 1 1, 12, 14 or 16 re-authenticating itself with each of its key 

4 sharing parties 1 1 , 12, 14 or 16 at predetermined time. One such method includes the 

5 steps of periodically performing a 'heartbeat operation* in the form of a challenge 

6 response protocol to determine which devices are presently included in the network 1 8, 

7 and adjusting the groups and trust levels accordingly. Thus, each device 1 1, 12, 14 or 16 

8 may dynamically update its own TrustList to reflect changes in the trust relationships. For 

9 devices 1 1,12,14 or 16 that lack a user interface, this update mechanism may be invoked 

10 by an open enrollment period followed by a lock-up step, possibly confirmed by a button 

1 1 push, or it may be a simple re-set of the whole list, for example by pushing a re-set or re- 

12 initialize button on the device 1 1,12,14 or 16.. Moreover, some of the changes might be 

13 invoked by a third entity that performs remote or delegated trust management for that 

14 device. 

15 [0029] Referring now to Figure 2, in order to describe the distributed security model, 

16 as an example, assume the PNC 1 1 permits access to devices A, B,C,D, E, F, G, H, then 

17 the DeviceSet :={A,B,C,D,E,F,G,H} . However if the device A only trusts devices A, B, 

18 C then TrustSet(A):= {A, B, C} that is Group 1. Also, device A may participate in other 

19 groups having a different trust set, such as Group 2, having only device D. Thus the 

20 security manger function 24 of device A senses Group 1 and Group 2 with different 

21 constituent members and different levels of trust. For example, in Group 1 , if device C is 

22 the key source, and since device C is part of the TrustSet(A), this key by device C is 

23 distributed which is used for both encryption/decryption permitted as C, and device A 

24 only accepts keys transferred to itself by devices DEV eTrustSet(A), for encryption and 

25 decryption purposes. In Group 2, as device D is not part of TrustSet(A), then A accepts a 

26 key from device D, and any other devices E, F,G and H, which are not part of 

27 TrustSet(A), for decryption purposes only. Accordingly if device A desires to 

28 communicate to Group2 members, the device A generates a new group key to form a new 

29 group, Group 3, and device A distributes this new group key to the members of Group2\ 

30 that is device D. Therefore, the groups then under the control of the security manager of 
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1 device A will then be Group 1, Group 2, as mentioned above, and Group 3, as shown 

2 Figure 3. 

3 [0030J The flexibility of the security managers 24 of devices A, B, C, D, E, F, G, H 

4 permits different network structures to be mimicked. For example, using the notation 

5 above, if DeviceSet :={A,B,C,D,E,F,G,H}, and TrustSet(A):=Universe, then device A 

6 ca be considered an altruistic device which provides a structure equivalent to a 

7 centralized model. Conversely, if TrustSet(D):={D}, then device D is an egocentric 

8 device, and is a structure equivalent a completely decentralized model. Then, looking at 

9 Figure 4, device A participates in Groups 1, 2 and 3, all groups having with differing trust 

10 relationships. For example, in Group 1 having devices A, B and C, if the key source is 

1 1 device C, then this group key is used for encryption and decryption, as device A trusts all 

12 devices B,C,D,E,F,G and H, which of course includes the key source C. However, in 

13 Group 2 having devices A, D, and G, with the key source being device G, once again 

14 device A uses this group key is used for encryption and decryption, while device D uses 

15 it for decryption only as it does not trust any other device A,B,C,E,F,G or H. In Group 3 

16 having devices D and E, with the key source being device E, device D uses the group key 

17 for decryption only as it does not trust device E. As device A is not included in Group 3, 

1 8 it does not receive the key. 

19 [0031] In Figure 5, where one of the device F is hidden from the other members in 

20 the network 18, then Group 2 does not include the full list of member devices, A,D,G and 

21 H. Therefore, device D can not communicate with device F as the heartbeat operation 

22 will indicate that device D is not alive. Since the 8-bit address or the 48-bit address of 

23 device is unavailable, there is no communication between D and device F. Therefore, 

24 device D uses the group keys for decryption only. 

25 [0032] Thus, these different group structures as shown in Figures 2, 3, 4 and 5 may 

26 be established within the same network 1 8 by using a decentralised or distributed security 

27 management scheme having the ability to set different levels of trust per device. This may 

28 be used in a number of ways, such as admission of devices A, B, C, D, E, F, G and H, 

29 such as PDAs to a piconet 1 8 based on different subscription models. For example, one 

30 subscription model may include charging a fee for airtime/bandwidth fee, while another 

3 1 model may be based on charging for content. In this example, the models may be 
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1 implemented in a building, such as an airport or fitness club, the network 1 8 includes a 

2 fixed PNC 1 1 on a ceiling and the PNC 1 1 multicasting to subscribing devices only, or 

3 the models may be implemented between individual devices. Thus, by separating the role 

4 of the security manager 24 from that of the PNC 1 1 , charging models that differentiate 

5 between airtime/bandwidth cost and content/subscription cost are possible, as these 

6 charging models might be operated by different entities A,B,C,D,E,F,G or H, or another 

7 intermediate entity. 

8 [0033] It will be seen therefore that a versatile network 1 8 is provided, and moreover 

9 the removal of a device A,B,C,D,E,F,G or H from the network 1 8 does not require re- 

10 establishment of all keys in the network 18 as the individual devices A,B,C,D,E,F,G or H 

1 1 control the distribution of the keys. Figure 6 shows communication between a device A in 

12 piconet 1 with another device B in piconet 2, where Z\ and Z 2 are members of piconet 1 

13 and piconet 2, respectively. Zi and Z 2 include transceivers 25 for establishing a 

14 communication channel or relay channel 26 between piconet 1 and piconet 2. Thus, Z| 

15 listens in on all traffic and sends all traffic destined for device B to Z 2 via the relay 

16 channel 26. Upon receipt of the traffic relayed by Z x , Z 2 further broadcasts this traffic to 

17 B. Z| and Z 2 include WPAN functionality and may act as data relay agents only, and thus 

18 may not process data. Piconet I and piconet 2 include respective PNCi and PNC 2 and 

19 thus devices A and B only need PNQ and PNC 2 , respectively, for allocation of time 

20 slots, and the function of protection of content is performed by the security manager 24 

2 1 of each device A, B. 

22 [00341 In order to facilitate communication between devices A and B, in different 

23 piconets 1 and 2, device A is associated with a router 28 which stores information related 

24 to other devices in its piconet 1, and routing information having instructions on how to 

25 route traffic from device A to other devices, such as device B. Correspondingly, device B 

26 is also associated with a router 30 having similar functionalities. Thus, any device A or B 

27 is associated with a router and these routers 28, 30 query each other periodically in order 

28 to update router information, due to the dynamic nature of the ad hoc networks 18. 

29 [0035] Referring to Figure 7 arid Figure 8, in order to establish a secure 

30 communication between device A and B, device A performs the steps of acquiring device 

31 B's full static address or device ED and a public key or symmetric key in order to perform 
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1 key agreement, in step 1 10. In the next step 1 12, the key agreement yields an 

2 authentication key for subsequent communication. Once device A receives a response, in 

3 predetermined time, that proves possession of the group public key, in step 1 14, then 

4 device A generates a new set of group keys and transports these keys to device B, in step 

5 116. Device B can then acknowledge receipt of group keys in step 1 18. Thus, devices A 

6 and B require each other's authentic public key and each other's full device ID for 

7 authentication and establishment of a secure channel 26, as different piconets may use 

8 different short hand address addresses for each device A or B. Therefore, device A and 

9 device B form a trusted group and a secure channel is set up if device B trusts any of the 

10 intermediate routers, otherwise device B creates its own keys in order to set up a secure 

1 1 channel 26 

12 [00361 Although the invention has been described with reference to certain specific 

13 embodiments, various modifications thereof will be apparent to those skilled in the art 

14 without departing from the spirit and scope of the invention as outlined in the claims 

1 5 appended hereto. 
16 

17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 
29 
30 
31 
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THE EMBODIMENTS OF THE INVENTION IN WHICH AN EXCLUSIVE 
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS: 

1 . A method of establishing and maintaining distributed security between a plurality 
of devices in an ad hoc network, the method having the steps of; 

associating each device with a unique device address; 

assigning to one of said devices a control function to control access by other 
devices to said network; 

each of said devices generating a public key for distribution to other devices; 

each of said devices authenticating itself periodically with said other devices in 
order to determine status of said other devices; 

arranging said devices into a plurality of trust groups, each group having a group 
key for distribution within said trust group; 

associating a trust level to each of said devices; 

each of said devices using said public key and said group key to perform key 
agreement in order to establish a secure communication channel with said other devices 
in said group; 

whereby each of said devices is responsible for its own security by generating, 
distributing its own keys to said other devices. 

2. The method of claim 1 wherein said device determines a source of said group key. 

3. The method of claim 2 wherein when said source is a device in said trust group 
then said group key is used for encryption and decryption of data transmitted between 
said devices. 

4. The method of claim 2 wherein when said source is a device excluded trust group 
then said group key is used decryption of data transmitted to said device. 

5. The method of claim 1 wherein step of determining status of said other devices 
includes a further step of determining which of said devices are active and capable of 
participating in said network. 

6. The method of claim 1 wherein step of determining status of said other devices 
includes a further step of using a challenge response protocol using said group key to 
establish whether said other devices are allowed access to said network in accordance 
with said control function. 
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7. The method of claim 1 wherein said unique device address includes a device ID 
or a local ID. 

8. The method of claim 7 wherein said device ID is an IEEE MAC address and said 
local ID is an n-bit address unique to said group. 

9. A method of establishing and maintaining distributed security between one 
correspondent and another correspondent, said correspondents being members of 
different ad hoc networks and forming a group of communicating correspondents, the 
method having the steps of; 

associating said one correspondent and said other correspondent with a unique 
device address; 

controlling access to said different ad hoc networks; 
each ad hoc network having a gateway and transferring traffic between said 
correspondents via said gateways; 

said one correspondent generating a public key for distribution to said other 
correspondent; 

said one correspondent authenticating itself periodically with said other 
correspondent in order to determine status of said other correspondent; 

determining a group key for distribution to said correspondents in accordance to 
said step of controlling access; 

associating a trust level to each of said correspondents; 

each of said correspondents using said public key and said group key for 
performing key agreement in order to establish secure communication within said group; 

whereby each of said correspondents is responsible for its own security by 
generating, distributing its own keys to said other devices. 

10. The method of claim 9 wherein said step of transferring traffic includes a further 
step of associating each of said correspondents with a router for storing routing 
information having instructions for routing traffic from said one correspondent to said 
other correspondent. 

1 1 . The method of claim 10 wherein said routers query each other periodically in 
order to update and maintain said routing information. 

12 



SUBSTITUTE SHEET (RULE 26) 



WO 03/077498 



PCT/CA03/00315 



12. The method of claim 1 1 wherein said step of determining said status of said other 
correspondent includes a further step of using a challenge response protocol to establish 
whether said other correspondent is allowed access to said different ad hoc network 
having said one correspondent, in accordance with said control function. 

13. A distributed security system for a plurality of devices in a communication 
network, each of said devices being responsible for generating, distributing and 
controlling its own keys for access to said communication network and using said keys to 
establish a trusted network, each device's membership to said communication network 
being checked periodically by other devices by using a challenge response protocol to 
establish which devices are allowed access to said communication network and said 
trusted network. 

14. The system of claim 13 wherein each device includes a security manager having 
the functions of generating said keys and distributing said keys to selected devices in said 
trusted network. 

1 5. The system of claim 14 wherein said trusted network is associated with a level of 
trust. 

16. The system of claim 14 wherein said security manager determines a source of said 
keys such that said keys from a device within said trusted network may be used for 
encryption and decryption of data, and said keys from a device excluded from said trusted 
network may be used decryption of said data. 

17. The system of claim 16 wherein said security manager foregoes decrypting said 
data when said keys are from a device excluded from said trusted network. 

18. The system of claim 15 wherein an outcome of said periodic checking is recorded 
by said security manager in order to maintain and update a membership list, and adjust 
said level of trust accordingly. 

19. The system of claim 17 wherein different trusted networks may be established 
within said network based on differing levels of trust. 

20. The system of claim 13 wherein said communication network includes a plurality 
of ad hoc networks and said distributed security system is established between devices in 
different ad hoc networks. 
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21 . The system of claim 19 wherein each ad hoc network includes a controller to 
controlling access to each of said ad hoc networks, each ad hoc network having a 
gateway for transferring traffic therebetween, and device having a router for storing 
routing information having instructions for routing traffic from said one device to another 
device via said gateways and other routers. 
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